CEC-1316 azure migration (#140)

* test portal azure * :doh: * runner * WIP * values * letsencrypt + docker cache * stg/prd * portal things * cleanup * split build/deploy + temp stage deploy * :doh: * try this * and prod * this works for now, can improve later * no need to specify azure anymore Co-authored-by: Drew Taylor <69828061+drew-fisker@users.noreply.github.com>
2022-04-18 17:54:14 -04:00
parent 491de89269
commit b4d06cf52f
9 changed files with 67 additions and 48 deletions
--- a/.env.dev
+++ b/.env.dev
@@ -1,4 +1,4 @@
-REACT_APP_AUTH_SERVICE_URL=https://gw-dev.fiskerdps.com/compute_auth
-REACT_APP_UPLOAD_SERVICE_URL=https://gw-dev.fiskerdps.com/ota_update
-REACT_APP_AUTH_CALLBACK_URL=https://dev-ota-admin.fiskerdps.com
+REACT_APP_AUTH_SERVICE_URL=https://dev-gw.cloud.fiskerinc.com/compute_auth
+REACT_APP_UPLOAD_SERVICE_URL=https://dev-gw.cloud.fiskerinc.com/ota_update
+REACT_APP_AUTH_CALLBACK_URL=https://dev-ota-admin.cloud.fiskerinc.com
 REACT_APP_SUPERSET_URL=http://superset-dev.fisker.internal
--- a/.env.prd
+++ b/.env.prd
@@ -1,4 +1,4 @@
-REACT_APP_AUTH_SERVICE_URL=https://gw.fiskerdps.com/compute_auth
-REACT_APP_UPLOAD_SERVICE_URL=https://gw.fiskerdps.com/ota_update
-REACT_APP_AUTH_CALLBACK_URL=https://ota-admin.fiskerdps.com
+REACT_APP_AUTH_SERVICE_URL=https://gw.cloud.fiskerinc.com/compute_auth
+REACT_APP_UPLOAD_SERVICE_URL=https://gw.cloud.fiskerinc.com/ota_update
+REACT_APP_AUTH_CALLBACK_URL=https://ota-admin.cloud.fiskerinc.com
 REACT_APP_SUPERSET_URL=http://superset.fisker.internal
--- a/.env.stg
+++ b/.env.stg
@@ -1,4 +1,4 @@
-REACT_APP_AUTH_SERVICE_URL=https://gw-stg.fiskerdps.com/compute_auth
-REACT_APP_UPLOAD_SERVICE_URL=https://gw-stg.fiskerdps.com/ota_update
-REACT_APP_AUTH_CALLBACK_URL=https://stg-ota-admin.fiskerdps.com
+REACT_APP_AUTH_SERVICE_URL=https://stg-gw.cloud.fiskerinc.com/compute_auth
+REACT_APP_UPLOAD_SERVICE_URL=https://stg-gw.cloud.fiskerinc.com/ota_update
+REACT_APP_AUTH_CALLBACK_URL=https://stg-ota-admin.cloud.fiskerinc.com
 REACT_APP_SUPERSET_URL=http://superset-stg.fisker.internal
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -5,34 +5,42 @@ on:
      - main
      - "release/**"
      - "hotfix/**"
+env:
+  SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+  SLACK_CHANNEL: "#cloud-builds"
+  SLACK_FOOTER: ""
+  SLACK_USERNAME: GitHub Actions
+  SLACK_ICON: "https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png"
+  TAG: ${{ github.sha }}
+  PROJECT: ota-admin-portal
+  REGISTRY: fiskercloud.azurecr.io

 jobs:
-  deploy:
-    name: Deploy
-    runs-on: self-hosted
-    env:
-      SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
-      SLACK_CHANNEL: "#cloud-builds"
-      SLACK_FOOTER: ""
-      SLACK_USERNAME: GitHub Actions
-      SLACK_ICON: "https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png"
-      TAG: ${{ github.sha }}
-      PROJECT: ota-admin-portal
+  build:
+    runs-on: ubuntu-latest
+    outputs:
+      build-env: ${{ steps.set-env.outputs.build-env }}
    steps:
      - name: Slack Notification
        uses: rtCamp/action-slack-notify@v2
+
      - name: Checkout
        uses: actions/checkout@v2
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v1
+
+      - name: Azure Login
+        uses: azure/login@v1
        with:
-          aws-region: us-west-2
-      - name: Create ECR Repo
-        run: aws ecr create-repository --region us-west-2 --repository-name ${PROJECT} || true
-      - name: Login to Amazon ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v1
+          creds: ${{ secrets.AZURE_CREDENTIALS }}
+
+      - name: Docker login
+        uses: azure/docker-login@v1
+        with:
+          login-server: ${{ env.REGISTRY }}
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_PASSWORD }}
+
      - name: Set Env
+        id: set-env
        run: |
          case ${GITHUB_REF} in
            refs/heads/develop)
@@ -47,26 +55,33 @@ jobs:
              ENVIRONMENT=dev;;
          esac
          echo "ENVIRONMENT=${ENVIRONMENT}" >> $GITHUB_ENV
+          echo "::set-output name=build-env::${ENVIRONMENT}"
+
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
+
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          build-args: ENVIRONMENT=${{ env.ENVIRONMENT }}
          push: true
-          tags: ${{ steps.login-ecr.outputs.registry }}/${{ env.PROJECT }}:${{ env.TAG}}-${{ env.ENVIRONMENT }}
-          cache-from: type=registry,ref=${{ steps.login-ecr.outputs.registry }}/${{ env.PROJECT }}:${{ env.TAG}}-${{ env.ENVIRONMENT }}
-          cache-to: type=inline
-      - name: Notify deploy
-        uses: rtCamp/action-slack-notify@v2
+          tags: ${{ env.REGISTRY }}/${{ env.PROJECT }}:${{ env.TAG }}-${{ env.ENVIRONMENT }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  deploy:
+    needs: build
+    runs-on: [self-hosted, azure]
+    env:
+      ENVIRONMENT: ${{ needs.build.outputs.build-env }}
+    steps:
+      - uses: rtCamp/action-slack-notify@v2
        env:
          MSG_MINIMAL: true
-          SLACK_MESSAGE: "Deploying to ${{ env.ENVIRONMENT }}...  :partydeploy:"
+          SLACK_MESSAGE: "Deploying ${{ env.PROJECT }} to ${{ env.ENVIRONMENT }}...  :partydeploy:"
+
      - name: Deploy
-        id: deploy
-        env:
-          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |-
          helm upgrade \
          --kube-context $ENVIRONMENT \
@@ -80,7 +95,7 @@ jobs:
        uses: rtCamp/action-slack-notify@v2
        env:
          MSG_MINIMAL: true
-          SLACK_MESSAGE: "Successfully deployed to ${{ env.ENVIRONMENT }}!  :gopher_party:"
+          SLACK_MESSAGE: "Successfully deployed ${{ env.PROJECT }} to ${{ env.ENVIRONMENT }}!  :gopher_party:"

      - name: Notify if failure
        if: ${{ failure() }}
--- a/k8s/templates/ingress.yaml
+++ b/k8s/templates/ingress.yaml
@@ -1,21 +1,25 @@
-apiVersion: networking.k8s.io/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
  annotations:
-    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod
  labels:
    app: {{ .Chart.Name }}
  name: {{ .Chart.Name }}
 spec:
+  ingressClassName: nginx
  rules:
  - host: {{ .Values.ingress.hostname }}
    http:
      paths:
      - backend:
-          serviceName: {{ .Chart.Name }}
-          servicePort: 80
+          service:
+            name: {{ .Chart.Name }}
+            port:
+              number: 80
        path: /
+        pathType: ImplementationSpecific
  tls:
  - hosts:
    - {{ .Values.ingress.hostname }}
-    secretName: fiskerdps-cert
+    secretName: {{ .Chart.Name }}-tls
--- a/k8s/values-dev.yaml
+++ b/k8s/values-dev.yaml
@@ -1,5 +1,5 @@
 ingress:
-  hostname: dev-ota-admin.fiskerdps.com
+  hostname: dev-ota-admin.cloud.fiskerinc.com

 resources:
  requests:
--- a/k8s/values-prd.yaml
+++ b/k8s/values-prd.yaml
@@ -1,5 +1,5 @@
 ingress:
-  hostname: ota-admin.fiskerdps.com
+  hostname: ota-admin.cloud.fiskerinc.com

 resources:
  requests:
@@ -9,4 +9,4 @@ resources:
    cpu: 250m
    memory: 256Mi

-replicas: 1
+replicas: 3
--- a/k8s/values-stg.yaml
+++ b/k8s/values-stg.yaml
@@ -1,5 +1,5 @@
 ingress:
-  hostname: stg-ota-admin.fiskerdps.com
+  hostname: stg-ota-admin.cloud.fiskerinc.com

 resources:
  requests: